controller_base.rb in bullet_train-api-1.2.11

- old
+ new

@@ -2,19 +2,31 @@
   extend ActiveSupport::Concern
 
   module StrongParameters
     # Only allow a list of trusted parameters through.
     def user_params
-      strong_params = params.require(:user).permit(
-        *permitted_fields,
+      password_fields = [
+        :password,
+        :current_password,
+        :password_confirmation
+      ]
+      general_fields = [
         :email,
         :first_name,
         :last_name,
         :time_zone,
-        :locale,
-        :current_password,
-        :password,
-        :password_confirmation,
+        :locale
+      ]
+
+      selected_fields = if params.is_a?(BulletTrain::Api::StrongParametersReporter)
+        password_fields + general_fields
+      else
+        (params["commit"] == t(".buttons.update_password")) ? password_fields : general_fields
+      end
+
+      strong_params = params.require(:user).permit(
+        *permitted_fields,
+        *selected_fields,
         # 🚅 super scaffolding will insert new fields above this line.
         *permitted_arrays,
         # 🚅 super scaffolding will insert new arrays above this line.
       )
 